CVE-2021-30177: SQL Injection
First published: Wed Apr 07 2021(Updated: )
There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PhpNuke | =8.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-30177?
CVE-2021-30177 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2021-30177?
To fix CVE-2021-30177, ensure that the U.S. state input is validated to two letters and restrict the OrderBy field to acceptable values.
What are the potential impacts of CVE-2021-30177?
The potential impacts of CVE-2021-30177 include unauthorized access and remote execution of malicious code.
What versions of PHP-Nuke are affected by CVE-2021-30177?
CVE-2021-30177 affects PHP-Nuke version 8.3.3.
Is CVE-2021-30177 specific to certain components of PHP-Nuke?
Yes, CVE-2021-30177 specifically affects the User Registration section of PHP-Nuke.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phpnuke
- canonical/phpnuke
- version/phpnuke/8.3.3